Law expert Nthabiseng Dubazane says with the Protection of Personal Information Act people can now lodge complaints if their information is distributed without consent.
IN LIGHT of the implementation of the Protection of Personal Information Act, which comes into effect today, law expert Nthabiseng Dubazane says if an individual’s information is distributed without their consent, they have a right lodge a complaint.
The act – often called the POPI Act or POPIA – seeks to regulate what kind of information/data can be used from individuals.
Employers who fail to comply with POPIA could either face 10 years imprisonment or receive a R10 million fine.
“Every company… media, law firms, service providers etc. have to have authorisation to distribute information or data of an individual before doing so,” said Dubazane.
“So if a service provider contacts you and cannot show any proof whatsoever that you gave consent to them calling you or emailing you, you have the right to lodge a complaint,” she said.
“There will be a complaints regulator who will be appointed to handle complaints arising from said situations.”
She emphasised that POPIA was for the benefit of employees as they “no longer have to deal with the verbal abuse from clients who are upset that their information was sent out for a product they do not want”.
Rona Bekker, a senior policy advisor at the National Employers’ Association of SA (NEASA), said businesses needed to educate, inform, and train their employees on the conditions of POPIA to avoid any penalties for non-compliance.
She said POPIA meant that businesses have to review and possibly amend their processing activities with regards to personal information, in order to ensure they comply with the minimum requirements and conditions for the lawful processing of personal information.
“All businesses in South Africa are subject to the application of this act, and have to process the personal information of their clients, customers, employees, suppliers and any other data subjects’ personal information in accordance with the provisions of POPIA.
“Organisations must ensure that they implement the appropriate systems and policies to ensure that every single processing activity, whether automated or not, provides adequate protection to the information through its life cycle in their institution,” said Bekker.
The POPIA may place a notable compliance burden upon businesses, but the benefit from its enactment was the assurance that the legislature and the state is concern the protection of the right to privacy, as enshrined in the Constitution, according to Bekker.
Efficient Group chief economist Dawie Roodt said as the managing director, he has the added role of being the POPI representative at his company.
He said the implementation of the act had been costly.
“It’s costing us a lot of money and it’s a lot of effort to get this implemented. We have to write our own policies.
“If I do business with another business, the information of my business will be protected. But if I’m the business receiving the information it results in a lot of work for me. I, for example, will have to implement a lot of things such as destroying information if I no longer need it, so it’s costing me money,” he said.